The branch, v3-6-test has been updated
via c92513e idl: add to_null property
via 90f3708 idl: add to_null attribute to the spoolss devicename array
via 219d8c9 idl: add to_null attribute to the spoolss formname array
via aa8fbd5 ndr: add ndr_pull_charset_to_null()
via ec05a11 idl: add parser for the to_null property
from 6da7abe s3-libads: fix malloc/talloc mismatch in
ads_keytab_verify_ticket().
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-6-test
- Log -----------------------------------------------------------------
commit c92513e218432ba3fb4afe6e93c8c1fc8f684368
Author: David Disseldorp <[email protected]>
Date: Fri Jan 13 13:51:22 2012 -0800
idl: add to_null property
to_null specifies that character conversion should only occur until the
null pointer in an array based string.
Signed-off-by: Jeremy Allison <[email protected]>
Autobuild-User: Jeremy Allison <[email protected]>
Autobuild-Date: Sat Jan 14 00:51:54 CET 2012 on sn-devel-104
The last 5 patches address bug #8606 (Intermittent print job failures
caused by
character conversion errors).
commit 90f3708135ef6573997417bd8e53191df78519c2
Author: David Disseldorp <[email protected]>
Date: Wed Nov 23 02:03:48 2011 +0100
idl: add to_null attribute to the spoolss devicename array
OpenPrinterEx requests have also been observed in the wild carrying
non-utf16 garbage after the device mode devicename field null
terminator.
Signed-off-by: Jeremy Allison <[email protected]>
commit 219d8c916fd890ca4b4eae77abd5a651aa37e4ff
Author: David Disseldorp <[email protected]>
Date: Sun Nov 13 20:40:56 2011 +0100
idl: add to_null attribute to the spoolss formname array
OpenPrinterEx requests have been observed in the wild carrying a device
mode formname "A4" followed by non-utf16 garbage after the null
terminator. Such requests currently fail during unmarshalling in the
ndr_pull_charset() codepath, causing intermittent print job failures.
This change ensures that garbage after the device mode formname null
terminator is not processed in unmarshalling.
https://bugzilla.samba.org/show_bug.cgi?id=8606
Signed-off-by: Jeremy Allison <[email protected]>
commit aa8fbd5005c06dfd0b5ee2865c49eab285f57e62
Author: David Disseldorp <[email protected]>
Date: Fri Jan 13 16:32:59 2012 -0800
ndr: add ndr_pull_charset_to_null()
The same as ndr_pull_charset(), however only perform character
conversion on bytes prior to and including the null terminator.
Signed-off-by: Jeremy Allison <[email protected]>
commit ec05a11c362f0aa4875c8dd3cfb853d0fae84c4c
Author: David Disseldorp <[email protected]>
Date: Sun Nov 13 20:39:58 2011 +0100
idl: add parser for the to_null property
Compile into a ndr_pull_charset_to_null call.
Signed-off-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
librpc/idl/spoolss.idl | 4 +-
librpc/ndr/libndr.h | 1 +
librpc/ndr/ndr_string.c | 32 ++++++++++++++++++++++++++++++
pidl/lib/Parse/Pidl/NDR.pm | 9 +++++++-
pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 6 ++++-
5 files changed, 48 insertions(+), 4 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl
index 4599e3a..d888a79 100644
--- a/librpc/idl/spoolss.idl
+++ b/librpc/idl/spoolss.idl
@@ -678,7 +678,7 @@ cpp_quote("#define spoolss_security_descriptor
security_descriptor")
const int MAXDEVICENAME = 32;
typedef [public,gensize] struct {
- [charset(UTF16)] uint16 devicename[MAXDEVICENAME];
+ [charset(UTF16),to_null] uint16 devicename[MAXDEVICENAME];
spoolss_DeviceModeSpecVersion specversion;
uint16 driverversion;
uint16 size;
@@ -697,7 +697,7 @@ cpp_quote("#define spoolss_security_descriptor
security_descriptor")
uint16 yresolution;
spoolss_DeviceModeTTOption ttoption;
spoolss_DeviceModeCollate collate;
- [charset(UTF16)] uint16 formname[MAXDEVICENAME];
+ [charset(UTF16),to_null] uint16 formname[MAXDEVICENAME];
uint16 logpixels; /* reserved */
uint32 bitsperpel; /* reserved */
uint32 pelswidth; /* reserved */
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 8c59bb9..f4b7db9 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -568,6 +568,7 @@ size_t ndr_size_string_array(const char **a, uint32_t
count, int flags);
uint32_t ndr_string_length(const void *_var, uint32_t element_size);
enum ndr_err_code ndr_check_string_terminator(struct ndr_pull *ndr, uint32_t
count, uint32_t element_size);
enum ndr_err_code ndr_pull_charset(struct ndr_pull *ndr, int ndr_flags, const
char **var, uint32_t length, uint8_t byte_mul, charset_t chset);
+enum ndr_err_code ndr_pull_charset_to_null(struct ndr_pull *ndr, int
ndr_flags, const char **var, uint32_t length, uint8_t byte_mul, charset_t
chset);
enum ndr_err_code ndr_push_charset(struct ndr_push *ndr, int ndr_flags, const
char *var, uint32_t length, uint8_t byte_mul, charset_t chset);
/* GUIDs */
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index d750e2c..b917d65 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -694,6 +694,38 @@ _PUBLIC_ enum ndr_err_code ndr_pull_charset(struct
ndr_pull *ndr, int ndr_flags,
return NDR_ERR_SUCCESS;
}
+_PUBLIC_ enum ndr_err_code ndr_pull_charset_to_null(struct ndr_pull *ndr, int
ndr_flags, const char **var, uint32_t length, uint8_t byte_mul, charset_t chset)
+{
+ size_t converted_size;
+ uint32_t str_len;
+
+ if (length == 0) {
+ *var = talloc_strdup(ndr->current_mem_ctx, "");
+ return NDR_ERR_SUCCESS;
+ }
+
+ if (NDR_BE(ndr) && chset == CH_UTF16) {
+ chset = CH_UTF16BE;
+ }
+
+ NDR_PULL_NEED_BYTES(ndr, length*byte_mul);
+
+ str_len = ndr_string_length(ndr->data+ndr->offset, byte_mul);
+ str_len = MIN(str_len, length); /* overrun protection */
+
+ if (!convert_string_talloc(ndr->current_mem_ctx, chset, CH_UNIX,
+ ndr->data+ndr->offset, str_len*byte_mul,
+ discard_const_p(void *, var),
+ &converted_size, false))
+ {
+ return ndr_pull_error(ndr, NDR_ERR_CHARCNV,
+ "Bad character conversion");
+ }
+ NDR_CHECK(ndr_pull_advance(ndr, length*byte_mul));
+
+ return NDR_ERR_SUCCESS;
+}
+
_PUBLIC_ enum ndr_err_code ndr_push_charset(struct ndr_push *ndr, int
ndr_flags, const char *var, uint32_t length, uint8_t byte_mul, charset_t chset)
{
ssize_t ret, required;
diff --git a/pidl/lib/Parse/Pidl/NDR.pm b/pidl/lib/Parse/Pidl/NDR.pm
index d91c324..71e7228 100644
--- a/pidl/lib/Parse/Pidl/NDR.pm
+++ b/pidl/lib/Parse/Pidl/NDR.pm
@@ -171,6 +171,7 @@ sub GetElementLevelTable($$$)
my $is_string = 0;
my $is_fixed = 0;
my $is_inline = 0;
+ my $is_to_null = 0;
if ($d eq "*") {
$is_conformant = 1;
@@ -208,6 +209,10 @@ sub GetElementLevelTable($$$)
delete($e->{PROPERTIES}->{string});
}
+ if (has_property($e, "to_null")) {
+ $is_to_null = 1;
+ }
+
push (@$order, {
TYPE => "ARRAY",
SIZE_IS => $size,
@@ -218,7 +223,8 @@ sub GetElementLevelTable($$$)
IS_VARYING => $is_varying,
IS_CONFORMANT => $is_conformant,
IS_FIXED => $is_fixed,
- IS_INLINE => $is_inline
+ IS_INLINE => $is_inline,
+ IS_TO_NULL => $is_to_null
});
}
@@ -1099,6 +1105,7 @@ my %property_list = (
"noheader" => ["ELEMENT"],
"charset" => ["ELEMENT"],
"length_is" => ["ELEMENT"],
+ "to_null" => ["ELEMENT"],
);
#####################################################################
diff --git a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
index 7cda272..2078f58 100644
--- a/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
+++ b/pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm
@@ -1033,7 +1033,11 @@ sub ParseElementPullLevel
if ($l->{IS_ZERO_TERMINATED}) {
$self->CheckStringTerminator($ndr, $e,
$l, $length);
}
- $self->pidl("NDR_CHECK(ndr_pull_charset($ndr,
$ndr_flags, ".get_pointer_to($var_name).", $length, sizeof(" .
mapTypeName($nl->{DATA_TYPE}) . "), CH_$e->{PROPERTIES}->{charset}));");
+ if ($l->{IS_TO_NULL}) {
+
$self->pidl("NDR_CHECK(ndr_pull_charset_to_null($ndr, $ndr_flags,
".get_pointer_to($var_name).", $length, sizeof(" .
mapTypeName($nl->{DATA_TYPE}) . "), CH_$e->{PROPERTIES}->{charset}));");
+ } else {
+
$self->pidl("NDR_CHECK(ndr_pull_charset($ndr, $ndr_flags,
".get_pointer_to($var_name).", $length, sizeof(" .
mapTypeName($nl->{DATA_TYPE}) . "), CH_$e->{PROPERTIES}->{charset}));");
+ }
return;
} elsif (has_fast_array($e, $l)) {
if ($l->{IS_ZERO_TERMINATED}) {
--
Samba Shared Repository
